Finding security flaws in source code is daunting; fixing them is an even greater challenge. Our researchers are creating automated tools that can repair bugs automatically or by prompting developers for more information to make effective repairs.

Software Engineering and Information AssuranceCybersecurity

The U.S. Department of Defense (DoD) and industry face many malware problems. CERT researchers automate malware analysis capabilities, including those focused on malware family evolution and similarity.

Data Modeling and Analytics

The U.S. Department of Defense (DoD) and federal agencies are increasingly acquiring software-intensive systems instead of building them with internal resources. However, acquisition programs frequently have difficulty identifying the critical software acquisition activities, deliverables, risks, and opportunities.

Software Engineering and Information AssuranceCybersecurity

Cybersecurity Engineering (CSE) prepares program managers, engineers, developers, educators, and others to better approach the acquisition, development, validation, and sustainment of software so they can address known and emerging patterns of software failure, misuse, and abuse.

The CERT Division of the SEI develops tools that virtualize systems to deliver high-quality training and user performance validation to ensure cyber teams are ready to face ever-evolving threats and challenges.

Artificial Intelligence

The practice of cyber intelligence helps organizations protect their assets, know their risks, and recognize opportunities. In 2018, the SEI conducted a cyber intelligence study on behalf of the United States Office of the Director of National Intelligence (ODNI). Our task was to understand how organizations perform the work of cyber intelligence throughout the United States.

Software Engineering and Information Assurance

Software for mission- and safety-critical systems, such as avionics systems in aircraft, is growing larger and more expensive. The Architecture Analysis and Design Language (AADL) addresses common problems in the development of these systems, such as mismatched assumptions about the physical system, computer hardware, software, and their interactions that can result in system problems detected too late in the development lifecycle. This creates an increasingly unaffordable and potentially dangerous situation for developers and users of mission- and safety-critical technologies.

Cybersecurity

Malicious cyber activity—the theft of intellectual property and sensitive information—poses an increasing and serious threat to national and economic security. The Department of Defense (DoD) called on our experts in the CERT Division to help create the Cybersecurity Maturity Model Certification (CMMC) program to combat cybercrime in the Defense Industrial Base (DIB) sector, its trusted supply chain of more than 300,000 organizations globally that provide essential military operation products and services.